Amazon Inspector is an automated and continual vulnerability scanning service that assesses Amazon Elastic Compute Cloud (EC2) instances and container images to improve the security and compliance of infrastructure workloads. Monthly costs are determined by a combination of two dimensions: Amazon EC2 instances being scanned, and the total number of container images initially scanned when pushed to Amazon Elastic Container Registry (ECR) and rescanned during a month.

Amazon EC2 instance scans: Each EC2 instance is continually scanned for software vulnerabilities and unintended network exposure. Total monthly cost is based on the average* number of EC2 instances assessed within a month. For instances that are run intermittently, the price is prorated based on total time run within a month.

Amazon ECR container image scans: Each container image pushed to Amazon ECR that is configured for Amazon Inspector scanning is assessed for software vulnerabilities. Total monthly cost is based on a combination of the number of images initially scanned when pushed into ECR and the number of times those images are rescanned per month.

With Amazon Inspector, you pay only for what you use, with no minimum fees and no upfront commitments.

Free Trial

All accounts new to Amazon Inspector are eligible for a 15-day free trial to evaluate the service and estimate its cost. During the trial, all eligible Amazon Elastic Compute Cloud (EC2) instances and container images pushed to Amazon Elastic Container Registry (ECR) are continually scanned at no cost.

Additionally, you can review estimated spend in the Amazon Inspector console, including aggregated organization-wide spend in the central Amazon Inspector administrator account. This way, you can understand and estimate the cost of using Amazon Inspector for automated and continual vulnerability scans across Amazon EC2 and ECR for your entire organization before deciding.

*Average number of EC2 instances = (total hours of active, supported instances being scanned) / (number of hours in a month, i.e., 720 hours). For example, you have 3 supported instances that were active and being scanned for different amounts of time during a month: The first for 360 hours, the second for 350 hours, and the third for 10 hours, adding up to a total 720 hours of active, supported instances being scanned. Therefore, 720 hours total of instances being scanned that month / 720 hours in the month = 1 average EC2 instance.

Pricing examples

Example 1: Amazon EC2 instance scanning
You enter a new billing month for your US East (N. Virginia) deployment featuring 10 Amazon EC2 instances with the AWS Systems Manager agent installed and configured for Amazon Inspector scanning. These instances run all month. Additionally, 10 more instances are launched and continually scanned with Amazon Inspector during this monthly billing period. However, each of these new instances is active for only 15 days during the billing period. Amazon Inspector charges in US East (N. Virginia) would be calculated as follows:

10 EC2 instances scanned for all 30 days at $1.25 each = 10 * $1.25 = $12.50
10 EC2 instances scanned for only 15 days, resulting in an average of 5 instances, at $1.25 each = 5 * $1.25 = $6.25
For the month, your Amazon Inspector bill would be $18.75.

Example 2: Amazon ECR container image with continual scanning
You enter a new billing month for your US East (N. Virginia) deployment with 500 previously pushed, scanned, and retained container images from the last 30 days in an ECR repository configured for continual scanning. You also push 1,000 new container images to the same repository during the month. Your costs will include the 1,000 new container images initially scanned when they are pushed into ECR as well as a charge for rescanning the total of 1,500 retained container images. For this month, there were updates to the Amazon Inspector vulnerability database, which started 15 rescans. Amazon Inspector charges in US East (N. Virginia) would be calculated as follows:

1,000 newly pushed container images initially scanned at $0.09 each = 1,000 * $0.09 = $90.00
(1,000 newly pushed container images + 500 previously pushed and scanned container images already in the repository = 1,000 + 500 = 1,500 total images in the repository)
1,500 images, each rescanned an average of 15 times, at $0.01 per rescan = 1,500 * 15 * $0.01 = $225.00
For the month, your Amazon Inspector bill would be $315.00.

Example 3: Amazon ECR container image with on-push scanning
You enter a new billing month for your US East (N. Virginia) deployment with 500 previously pushed, scanned, and retained container images in an ECR repository configured for on-push scanning. You push 1,000 new container images to the same repository during the month. Your costs will include only the 1,000 new container images scanned when they are pushed into ECR. Since the repository is configured for on-push scanning, there will be no rescans and thus no additional charges. Amazon Inspector charges in US East (N. Virginia) would be calculated as follows:

1,000 newly pushed container images initially scanned at $0.09 each = $90.00
(There is no charge for the 500 previously scanned images.)
For the month, your Amazon Inspector bill would be $90.00.

Additional pricing resources

AWS Pricing Calculator

Easily calculate your monthly costs with AWS

Get Pricing Assistance

Contact AWS specialists to get a personalized quote

Learn how to get started

Find links to our developer's guide, helpful video, and console guides.

Learn more 
Sign up for a free account

Instantly get access to the AWS Free Tier. 

Sign up 
Start building in the console

Get started building with Amazon Cloud Directory in the AWS Console.

Sign in